In an interview on Category5 Technology TV held Tuesday, May 13, 2014, François Proulx, Security Engineer for PasswordBox, revealed that the popular cloud-based password management system will be introducing sophisticated multi-device multi-factor authentication in June 2014.
While no specific date was given, Mr. Proulx’s statements make it clear that the important security feature will be coming soon.
“It is literally a few short weeks away from now, I would say our goal is to put it in production in our products in June,” says Mr. Proulx. “We’ve pretty much completed the design aspects of it. I’ve reviewed the security. We are just right now dispatching the various tasks to each and every team. Obviously we don’t want to rush things too fast because we want to ensure the quality of our product. But it is coming very, very soon.”
“One thing we’ve announced recently is integration with the new Samsung S5, which has a fingerprint scanner. So that already exists for the Android version of our app. Also, we’ve announced integration with the NYMI bracelet which detects your heartbeat,” explains Mr. Proulx. “Biometrics as an area of research is something we’re putting a lot of focus on.”
Mr. Proulx didn’t go into a lot of details as to the available options that will be coming to PasswordBox in order to provide multi-factor authentication, but stated, “Let me just say that it will be very, very similar to what Google does. So if you look at the way Google does it, or Yahoo, it will be modeled in a very similar fashion.”
The interview, which was geared toward advanced viewers, covered a wide range of topics surrounding the functionality of PasswordBox and how it keeps your passwords safe from hackers and even government agencies such as the National Security Agency (NSA).
“What is stored in our database for each and every user’s accounts is only encrypted data,” explains Mr. Proulx. “The critical assets, such as the password assets and also all the wallet items … those are all encrypted in a blackbox manner. So what we receive on the server side is an opaque blob that we then store and then later sync across all the devices.”
He further explains in excellent detail that, due to the architecture of the PasswordBox system, only a person with your master password can decrypt this blob of information. Therefore, neither anyone at PasswordBox nor the NSA or any other government agency has access to your data.
PasswordBox recommends using a very strong master password to ensure this is the case.
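The "opaque blob" model described above, and why the master password's strength matters, can be sketched as follows. This is an added example, not PasswordBox's code: the interview does not name the algorithms, so PBKDF2-HMAC-SHA256, AES-256-GCM, the iteration count, the blob layout and all function names are assumptions.

```javascript
// Added illustration, NOT PasswordBox's implementation. KDF, cipher,
// parameters, blob layout and names are assumptions made for this sketch.
const nodeCrypto = require('crypto');
const KDF_ITERATIONS = 200000; // assumed PBKDF2 work factor

function deriveKey(masterPassword, salt) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Client side: encrypt the vault before anything leaves the device.
function sealVault(masterPassword, vault) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  // Constructed blob layout: salt(16) | iv(12) | tag(16) | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Client side: only the correct master password reproduces the key.
function openVault(masterPassword, blobB64) {
  const blob = Buffer.from(blobB64, 'base64');
  if (blob.length < 44) throw new Error('blob too short');
  const key = deriveKey(masterPassword, blob.subarray(0, 16));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(16, 28));
  decipher.setAuthTag(blob.subarray(28, 44));
  // final() throws when the tag fails: wrong password or modified blob.
  const pt = Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Server side: stores and syncs the blob, never sees the password or key.
const serverStore = new Map();
function serverPut(userId, blob) { serverStore.set(userId, blob); }
function serverGet(userId) { return serverStore.get(userId); }

// Returns the vault, or null if the password is wrong or the blob was altered.
function tryOpen(masterPassword, blob) {
  try { return openVault(masterPassword, blob); } catch (e) { return null; }
}
```

Anyone who obtains the stored blob can run the same derivation offline against guessed passwords, so in a design like this the master password and the KDF work factor are the only things standing between the blob and its contents.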
You can watch the full interview on YouTube:
Edit: May 22, 2014 – Added quotes about the methods of multi-factor authentication (such as the fingerprint scanner or NYMI).